644999f6588e761c14a63c45a8ed63fe128ec97910ce12f6e61b5ea1e5fcd61f | Triage

Analysis

max time kernel
11s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 10:55

Sharing

Report Analysis Logs

General

Target

644999f6588e761c14a63c45a8ed63fe128ec97910ce12f6e61b5ea1e5fcd61f.dll
Size

4KB
MD5

3813d709eca7db27e62243c4e6b9b0f0
SHA1

1fb413b8b59a31891c29bc633ac8c89e7e3089c4
SHA256

644999f6588e761c14a63c45a8ed63fe128ec97910ce12f6e61b5ea1e5fcd61f
SHA512

2c6529829a7fcb6e46f7412f6c6ad4fcabd8d169ea717880368e5569d75f00e699a9b924bddb7d99e2118607bdaf7104e502f7489350f777acb6a39509ab8b3a

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28
PID 1276 wrote to memory of 1380	1276	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\644999f6588e761c14a63c45a8ed63fe128ec97910ce12f6e61b5ea1e5fcd61f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\644999f6588e761c14a63c45a8ed63fe128ec97910ce12f6e61b5ea1e5fcd61f.dll,#1
  2⤵
  PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1380-55-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download